Internet and Infosec Analysis, Security Research with Risk Management

Menu

Tunnelbroker

Just recently the last two IPv4 /8s [1] have been allocated by IANA, providing the lift off for IPv4 address space exhaustion [2]. While the issue has been well known for years, and many people have been promoting IPv6 [3], only a few companies have migrated their networks and services [4,7]. It is now receiving its long demanded attention.

I am currently working on IPv6 security implementations and would like to feedback about how to migrate IPv4- into dual stacked IPv6 networks, securely. This article starts off with an example of a tunnel broker setup to help people get their first hands-on IPv6 experience. More advanced topics and focusing on various security issues are planned to be published on a part by part base. Stay tuned on IPv6.

IPv6 in IPv4 tunneling:

From Wikipedia (http://en.wikipedia.org/wiki/Tunnel_broker) “A tunnel broker is a service which provides a network tunnel. These tunnels can provide encapsulated connectivity over existing infrastructure to a new infrastructure.

There are a variety of tunnel brokers, though most commonly the term is used to refer to an IPv6 tunnel broker, as defined in RFC 3053 [5]. These commonly provide IPv6 tunnels to endusers/endsites using either manual, scripted or automatic configuration. In general tunnel brokers offer so called ‘protocol 41′ or proto-41 tunnels. These are tunnels where IPv6 is tunneled directly inside IPv4 by having the protocol field set to ’41’ (IPv6) in the IPv4 packet.”

Basically a IPv6 tunnel broker allows you to connect to and communicate with existing IPv6 networks even if your Service Provider network only supports IPv4. It allows testing for IPv6 deployment where some network node or transit communication is not fully IPv6 enabled:

Subscribing for IPv6 tunnel service with SixXS Tunnelbroker:

Please note that SixXS is just one of several tunnelbrokers available [6]. At the time I came around IPv6 tunneling this was simply one of the most popular ones.

You will receive a confirmation mail with your username, password and tunnel id and further details, e.g. login into the main website with your login details, request a tunnel and wait for tunnel approval.